diff --git a/changelogs/fragments/fix_acls_replace_idemp.yaml b/changelogs/fragments/fix_acls_replace_idemp.yaml
new file mode 100644
index 000000000..e44fc4c86
--- /dev/null
+++ b/changelogs/fragments/fix_acls_replace_idemp.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - Fixed idempotency when using `replaced` state on host with multiple ACLs present.
diff --git a/plugins/module_utils/network/eos/config/acls/acls.py b/plugins/module_utils/network/eos/config/acls/acls.py
index 860786c11..17ad8de5f 100644
--- a/plugins/module_utils/network/eos/config/acls/acls.py
+++ b/plugins/module_utils/network/eos/config/acls/acls.py
@@ -278,23 +278,23 @@ def _state_replaced(self, want, have):
 config_cmds.append(
 list(itertools.chain(*cmds)),
 )
- if name not in ace_names:
- for w_ace in want_ace:
- w = [
- {
- "afi": afi,
- "acls": [
- {
- "name": name,
- "aces": [w_ace],
- },
- ],
- },
- ]
- cmds = set_commands(w, have)
- config_cmds.append(
- list(itertools.chain(*cmds)),
- )
+ if name not in ace_names:
+ for w_ace in want_ace:
+ w = [
+ {
+ "afi": afi,
+ "acls": [
+ {
+ "name": name,
+ "aces": [w_ace],
+ },
+ ],
+ },
+ ]
+ cmds = set_commands(w, have)
+ config_cmds.append(
+ list(itertools.chain(*cmds)),
+ )
 if remove_cmds:
 remove_cmds = list(itertools.chain(*remove_cmds))
diff --git a/tests/integration/targets/eos_acls/tests/common/replaced.yaml b/tests/integration/targets/eos_acls/tests/common/replaced.yaml
index fd74eead6..cfb2a60bc 100644
--- a/tests/integration/targets/eos_acls/tests/common/replaced.yaml
+++ b/tests/integration/targets/eos_acls/tests/common/replaced.yaml
@@ -113,8 +113,8 @@
 - ansible.builtin.assert:
 that:
- - result.changed == true
- - result.commands|length == 2
+ - result.changed == false
+ - result.commands|length == 0
 - ansible_facts.network_resources.acls|symmetric_difference(result.before) == []
 always:
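Review bot: Nothing in the new code of `_state_replaced` records why the `if name not in ace_names:` block must sit at its new nesting level, so a later re-indent could silently bring back the non-idempotent ACL commands. The removed and added lines are textually identical on this page, so the fix appears to be a change of indentation only; the enclosing loops start outside the hunk and the exact level cannot be read from here. A comment directly above the block would pin the intent, for example `# Run only once ace_names holds every ACL name found on the device; testing earlier re-adds ACEs for ACLs that already exist.` Please confirm the wording against the file before adopting it.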
diff --git a/tests/unit/modules/network/eos/fixtures/eos_acls_idempotent.cfg b/tests/unit/modules/network/eos/fixtures/eos_acls_idempotent.cfg
new file mode 100644
index 000000000..f49b83bb6
--- /dev/null
+++ b/tests/unit/modules/network/eos/fixtures/eos_acls_idempotent.cfg
@@ -0,0 +1,12 @@
+ip access-list TEST-LIST-1
+ 10 remark test
+ 20 permit tcp 192.0.2.0/24 any eq https log
+!
+ip access-list TEST-LIST-2
+ 10 remark test
+ 20 permit tcp 192.0.2.0/24 any eq https log
+!
+ip access-list TEST-LIST-3
+ 10 remark test
+ 20 permit tcp 192.0.2.0/24 any eq https log
+!
diff --git a/tests/unit/modules/network/eos/test_eos_acls.py b/tests/unit/modules/network/eos/test_eos_acls.py
index d91f4bb0f..3520bedcd 100644
--- a/tests/unit/modules/network/eos/test_eos_acls.py
+++ b/tests/unit/modules/network/eos/test_eos_acls.py
@@ -397,6 +397,61 @@ def test_eos_acls_deletedafis(self):
 commands = ["no ip access-list test1"]
 self.execute_module(changed=True, commands=commands)
+ def test_eos_two_acls_idempotent(self):
+ set_module_args(
+ dict(
+ config=[
+ dict(
+ afi="ipv4",
+ acls=[
+ dict(
+ name="TEST-LIST-1",
+ aces=[
+ dict(
+ sequence="10",
+ remark="test",
+ ),
+ dict(
+ sequence="20",
+ grant="permit",
+ source=dict(subnet_address="192.0.2.0/24"),
+ destination=dict(
+ any="true",
+ port_protocol=dict(eq="https"),
+ ),
+ protocol="tcp",
+ log="true",
+ ),
+ ],
+ ),
+ dict(
+ name="TEST-LIST-2",
+ aces=[
+ dict(
+ sequence="10",
+ remark="test",
+ ),
+ dict(
+ sequence="20",
+ grant="permit",
+ log="true",
+ destination=dict(
+ any="true",
+ port_protocol=dict(eq="https"),
+ ),
+ protocol="tcp",
+ source=dict(subnet_address="192.0.2.0/24"),
+ ),
+ ],
+ ),
+ ],
+ ),
+ ],
+ state="replaced",
+ ),
+ )
+ self.execute_module(changed=False, commands=[], filename="eos_acls_idempotent.cfg")
+
 def test_eos_acls_gathered(self):
 set_module_args(dict(config=[], state="gathered"))
 result = self.execute_module(
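Review bot: `test_eos_two_acls_idempotent` pins only the no-change path, so it would still pass if `_state_replaced` stopped emitting commands for an ACL that really differs when several ACLs are on the device. For an access-list module a false "unchanged" leaves a stale rule in place, which is worse than a redundant command. A companion case against the same `eos_acls_idempotent.cfg` fixture that alters one ACE of `TEST-LIST-2` and asserts `changed=True` with commands for that ACL only would close the gap, unless a test outside this hunk already covers it. A docstring would also help, for example `"""replaced emits no commands when the wanted ACLs already match a device that holds several ACLs."""`, together with a short comment that `TEST-LIST-3` is in the fixture but deliberately left out of the request.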